Overview
Package keymaster supports the concept of keysets. A signature may be verified by any one of many public keys, while only one active key is used to sign new messages.
Index
- Variables
- func NewSignerFromRawKey(b []byte) (signatures.Signer, error)
- func Unmarshal(buf []byte, store *KeyMaster) error
- type KeyMaster
- func (s *KeyMaster) Activate(keyID string) error
- func (s *KeyMaster) AddSigningKey(status kmpb.SigningKey_KeyStatus, description string, key []byte) (string, error)
- func (s *KeyMaster) AddVerifyingKey(description string, key []byte) (string, error)
- func (s *KeyMaster) Info() ([]*kmpb.SigningKey, []*kmpb.VerifyingKey, error)
- func (s *KeyMaster) KeyIDs() []string
- func (s *KeyMaster) Marshal() ([]byte, error)
- func (s *KeyMaster) PublicKeys() ([]*keyspb.PublicKey, error)
- func (s *KeyMaster) RemoveSigningKey(keyID string) error
- func (s *KeyMaster) RemoveVerifyingKey(keyID string) error
- func (s *KeyMaster) Signer(keyID string) (Signer, error)
- func (s *KeyMaster) Signers() []signatures.Signer
- type Signer
- type Verifier
Variables
// ErrKeyNotExist is returned when the key being removed is not present in the store.
var ErrKeyNotExist = errors.New("key does not exist")
Functions
func NewSignerFromRawKey
func NewSignerFromRawKey(b []byte) (signatures.Signer, error)
NewSignerFromRawKey creates a signer object from given raw key bytes.
Types
type KeyMaster
type KeyMaster struct {
// contains filtered or unexported fields
}
KeyMaster contains all update signing and verification keys.
func (*KeyMaster) Activate
Activate activates the private key with the given ID. All other private keys are marked as inactive. Deprecated keys cannot be activated.
func (*KeyMaster) AddSigningKey
func (s *KeyMaster) AddSigningKey(status kmpb.SigningKey_KeyStatus, description string, key []byte) (string, error)
AddSigningKey adds a new private key to the store.
func (*KeyMaster) AddVerifyingKey
AddVerifyingKey adds a new public key to the store.
func (*KeyMaster) Info
func (s *KeyMaster) Info() ([]*kmpb.SigningKey, []*kmpb.VerifyingKey, error)
Info returns two lists describing the private and public keys in the store. The actual key material is not included in the results.
func (*KeyMaster) Marshal
Marshal marshals a key store object into a protobuf-formatted byte slice.
func (*KeyMaster) PublicKeys
PublicKeys returns PublicKey messages built from all active public keys in the store.
func (*KeyMaster) RemoveSigningKey
RemoveSigningKey marks a private key as deprecated. Keys are not permanently removed. Active keys cannot be removed.
func (*KeyMaster) RemoveVerifyingKey
RemoveVerifyingKey marks a public key as deprecated. Keys are not permanently removed. If the key being removed is the only non-deprecated one, the call fails; this prevents account lockout.
func (*KeyMaster) Signers
func (s *KeyMaster) Signers() []signatures.Signer
Signers returns a list of signers created using all active private keys.
type Signer
// Signer is a signatures.Signer that also carries keymaster lifecycle state:
// a key status that can be moved between active, inactive and deprecated,
// plus conversion to the SigningKey protobuf message.
type Signer interface {
	signatures.Signer

	// Marshal converts the signer into a keymaster SigningKey message.
	Marshal() (*kmpb.SigningKey, error)
	// Clone returns a new, independent instance of the signer.
	Clone() Signer

	// Status reports the current status of the signer.
	Status() kmpb.SigningKey_KeyStatus
	// Activate marks the signer as active.
	Activate()
	// Deactivate marks the signer as inactive.
	Deactivate()
	// Deprecate sets the signer status to DEPRECATED.
	Deprecate()
}
Signer represents an object that can generate signatures with a single key.
func NewSigner
func NewSigner(s signatures.Signer, addedAt time.Time, description string, status kmpb.SigningKey_KeyStatus) Signer
NewSigner creates a signer object from a private key.
func NewSignerFromPEM
NewSignerFromPEM parses a PEM formatted block and returns a signer object created using that block.
type Verifier
// Verifier is a signatures.Verifier that also carries keymaster lifecycle
// state: a key status that can be deprecated, plus conversion to the
// VerifyingKey protobuf message.
type Verifier interface {
	signatures.Verifier

	// Marshal converts the verifier into a keymaster VerifyingKey message.
	Marshal() (*kmpb.VerifyingKey, error)
	// Clone returns a new, independent instance of the verifier.
	Clone() Verifier

	// Status reports the current status of the verifier.
	Status() kmpb.VerifyingKey_KeyStatus
	// Deprecate sets the verifier status to DEPRECATED.
	Deprecate()
}
Verifier represents an object that can verify signatures with a single key.
func NewVerifier
func NewVerifier(v signatures.Verifier, addedAt time.Time, description string, status kmpb.VerifyingKey_KeyStatus) Verifier
NewVerifier creates a verifier from a public key.
func NewVerifierFromKey
NewVerifierFromKey creates a verifier object from a PublicKey proto object.
func NewVerifierFromPEM
NewVerifierFromPEM parses a PEM formatted block and returns a verifier object created using that block.
func NewVerifierFromRawKey
NewVerifierFromRawKey creates a verifier object from given raw key bytes.